import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
-import org.sonar.api.web.UserRole;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.MyBatis;
@Override
public void handle(Request request, Response response) throws Exception {
- userSession.checkPermission(UserRole.ADMIN);
+ userSession.checkLoggedIn().checkIsRoot();
List<String> uuids = request.paramAsStrings(PARAM_IDS);
List<String> keys = request.paramAsStrings(PARAM_KEYS);
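Review bot: The tightened guard on the first line of `handle` carries no comment saying why this action now needs root rather than `UserRole.ADMIN`, or that the order of the two checks matters. I would add above it `// Bulk deletion: require an authenticated root user before any parameter is read; checkLoggedIn() first so anonymous callers get 401, not 403.` The action's `define()` method is outside this hunk; if its description still names the old administer permission, it should be updated in the same commit so the documented and enforced requirements agree. The body of `handle` continues past the hunk, so whether anything further down re-checks permissions per project cannot be confirmed from here.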
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.sonar.api.utils.System2;
-import org.sonar.api.web.UserRole;
-import org.sonar.core.permission.GlobalPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.server.component.ComponentCleanerService;
import org.sonar.server.exceptions.ForbiddenException;
+import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;
componentCleanerService,
dbClient,
userSessionRule)));
- userSessionRule.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
}
@Test
public void delete_projects_by_uuids() throws Exception {
+ userSessionRule.logIn().setRoot();
ComponentDto p1 = componentDbTester.insertProject();
ComponentDto p2 = componentDbTester.insertProject();
@Test
public void delete_projects_by_keys() throws Exception {
+ userSessionRule.logIn().setRoot();
ComponentDto p1 = componentDbTester.insertProject();
ComponentDto p2 = componentDbTester.insertProject();
}
@Test
- public void fail_if_insufficient_privileges() throws Exception {
- userSessionRule.setGlobalPermissions(UserRole.CODEVIEWER, UserRole.ISSUE_ADMIN, UserRole.USER);
+ public void throw_UnauthorizedException_if_not_logged_in() throws Exception {
+ expectedException.expect(UnauthorizedException.class);
+ expectedException.expectMessage("Authentication is required");
+
+ ws.newPostRequest("api/projects", ACTION).setParam(PARAM_IDS, "whatever-the-uuid").execute();
+ }
+
+ @Test
+ public void throw_ForbiddenException_if_not_root_administrator() throws Exception {
+ userSessionRule.logIn().setNonRoot();
+
expectedException.expect(ForbiddenException.class);
+ expectedException.expectMessage("Insufficient privileges");
ws.newPostRequest("api/projects", ACTION).setParam(PARAM_IDS, "whatever-the-uuid").execute();
}
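Review bot: The negative tests cover an anonymous caller and a plain non-root user, but not the caller this commit actually locks out: a logged-in non-root user who still holds the old system-administrator permission. A third test would pin that regression boundary. It would call `userSessionRule.logIn().setNonRoot();` followed by `userSessionRule.setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);` and expect `ForbiddenException`, which means keeping the `GlobalPermissions` import that this commit removes. Both existing negative tests also send only `PARAM_IDS`. The guard runs before either parameter is read, so a `PARAM_KEYS` variant would pass today, but it would catch a later reordering of `handle`.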